Vulnerability Description
A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phoenixcontact | Axc F 1152 Firmware | <= 2024.0 |
| Phoenixcontact | Axc F 1152 | - |
| Phoenixcontact | Axc F 2152 Firmware | <= 2024.0 |
| Phoenixcontact | Axc F 2152 | - |
| Phoenixcontact | Axc F 3152 Firmware | <= 2024.0 |
| Phoenixcontact | Axc F 3152 | - |
| Phoenixcontact | Bpc 9102S Firmware | <= 2024.0 |
| Phoenixcontact | Bpc 9102S | - |
| Phoenixcontact | Epc 1502 Firmware | <= 2024.0 |
| Phoenixcontact | Epc 1502 | - |
| Phoenixcontact | Epc 1522 Firmware | <= 2024.0 |
| Phoenixcontact | Epc 1522 | - |
| Phoenixcontact | Plcnext Engineer | <= 2024.0 |
| Phoenixcontact | Rfc 4072R Firmware | <= 2024.0 |
| Phoenixcontact | Rfc 4072R | - |
| Phoenixcontact | Rfc 4072S Firmware | <= 2024.0 |
| Phoenixcontact | Rfc 4072S | - |
Related Weaknesses (CWE)
References
- https://https://cert.vde.com/en/advisories/VDE-2023-056/Broken Link
- https://https://cert.vde.com/en/advisories/VDE-2023-056/Broken Link
FAQ
What is CVE-2023-46142?
CVE-2023-46142 is a vulnerability with a CVSS score of 8.8 (HIGH). A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices.
How severe is CVE-2023-46142?
CVE-2023-46142 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-46142?
Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Axc F 1152 Firmware, Phoenixcontact Axc F 1152, Phoenixcontact Axc F 2152 Firmware, Phoenixcontact Axc F 2152, Phoenixcontact Axc F 3152 Firmware.